osbuild-composer-100-1.el8.ML.1, osbuild-110-1.el8.ML.1
エラータID: AXSA:2024-8384:02
リリース日:
2024/06/18 Tuesday - 21:57
題名:
osbuild-composer-100-1.el8.ML.1, osbuild-110-1.el8.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- osbuild-composer には、パッケージリポジトリの GPG 検証が
無効になり、ビルドフェーズが中間者攻撃にさらされる問題が
あるため、ローカルの攻撃者により、ビルドされるイメージに
対して不正なコードの組み込みを可能とする脆弱性が存在します。
(CVE-2024-2307)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-2307
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
追加情報:
N/A
ダウンロード:
SRPMS
- osbuild-composer-100-1.el8.ML.1.src.rpm
MD5: d11a818fc87de1cfa9625a33a6c0fb38
SHA-256: e142e70683d9217a9c5238e92f41c36f2b4dcc2bd25a9bb7d538b1a7755967aa
Size: 129.97 MB - osbuild-110-1.el8.ML.1.src.rpm
MD5: f8f2d1f8d1031e5804549676f4c8cc61
SHA-256: 4225a956e60eada26ca2b438b3c60465a1d132527b858c9b86fe390132127e81
Size: 7.93 MB
Asianux Server 8 for x86_64
- osbuild-110-1.el8.ML.1.noarch.rpm
MD5: 2b32b4bc6e7674f13c7753a843d55e2c
SHA-256: ecab2c1e294b54165812ce3b07a8ad08c57930c4266872481d5d0ae2cab7056c
Size: 157.03 kB - osbuild-composer-100-1.el8.ML.1.x86_64.rpm
MD5: 333fc9d6bd7c23e7e281c406f0ade449
SHA-256: b583938bcaca84dc41d7b14b77426b82c36680aea22770bda563ec1910559b0e
Size: 22.53 kB - osbuild-composer-core-100-1.el8.ML.1.x86_64.rpm
MD5: 7695866e92fbff3650d686ebfff3ff0a
SHA-256: 412e21207c226929688123dc9a5812b07373f7e7bf19d1393b6f2de9f584c680
Size: 10.30 MB - osbuild-composer-dnf-json-100-1.el8.ML.1.x86_64.rpm
MD5: d8df835fcde3378c7a1de184dc7e9819
SHA-256: a63cebc80b86f07054e5c0734740f376b3c451e63a80693e80bb5a6351323520
Size: 17.15 kB - osbuild-composer-worker-100-1.el8.ML.1.x86_64.rpm
MD5: fa0263cf122183f97777a53860d798f7
SHA-256: 1f6dbc81315f87e15f38263cf414801d81a62e7462326db8fd4b31d48514d9c0
Size: 14.14 MB - osbuild-depsolve-dnf-110-1.el8.ML.1.noarch.rpm
MD5: 828c30ab81b11362c6247432dbc568ab
SHA-256: ea5995e5666cc75e0da749352d0bf6149f549ee4a6440f5a1507386bdda073f1
Size: 21.02 kB - osbuild-luks2-110-1.el8.ML.1.noarch.rpm
MD5: 6d184fe43024fbba8c5bcde2292774fa
SHA-256: bb5c7b9ae6b4045f3fe3c8a415a5b4facf2f36d8de3874e033e851b1364baba4
Size: 20.63 kB - osbuild-lvm2-110-1.el8.ML.1.noarch.rpm
MD5: 351bc472d397304a55c32cc3ec25849e
SHA-256: 0564bcf5019e0c3e0d10c5e923dc9a1a834da853eacd6dc27731d29d99e500bb
Size: 20.24 kB - osbuild-ostree-110-1.el8.ML.1.noarch.rpm
MD5: 341f9314fcf8aee6766fcc42bacd98b5
SHA-256: 426ddd8cc5b7ae2cca70a9ca1454831b6e6ad5cad58cbb800b3bf97ba7bdd9f4
Size: 36.42 kB - osbuild-selinux-110-1.el8.ML.1.noarch.rpm
MD5: 11d52ef542f91aaecac94f3294d92c32
SHA-256: e7c48904910b06b65383bd8a4a3f61a822c2b7b25e22941e2ae0e02f7c11f0bd
Size: 32.46 kB - python3-osbuild-110-1.el8.ML.1.noarch.rpm
MD5: f08b79cdb64449376d3bce90029bd397
SHA-256: 9f922b57dc8e7c074459ef5d0d597fe14f6de0fc1bc1d62ad40039075f43ecfe
Size: 212.37 kB
English